[keycloak-user] Adding custom user claims after login
Paolo Tedesco
Paolo.Tedesco at cern.ch
Tue Dec 5 11:24:18 EST 2017
Hi Josh,
Thank you very much, that looks like what I need.
I'm trying to implement a SAMLAttributeStatementMapper, but I cannot find any references to it in the documentation, and I cannot understand which Factory class I should implement. Do you know how I can find that out?
Thanks,
Paolo
-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Josh Cain
Sent: Monday, 4 December, 2017 17:26
To: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Adding custom user claims after login
Hi Paolo,
We do something very similar to that by extending the attribute mapper SPI for the protocol we're using. I'd check out:
- SAMLAttributeStatementMapper
- OIDCAccessTokenMapper
- OIDCIDTokenMapper
Josh Cain
Senior Software Applications Engineer, RHCE Red Hat North America jcain at redhat.com IRC: jcain
On 12/04/2017 04:03 AM, Paolo Tedesco wrote:
> Hi all,
>
> I would need to add dynamically some custom client-specific claims to a user's token after authentication.
> The basic idea is that I would need to call an external application, asking for the custom claims for the authenticated user for the target client.
> If I've understood correctly, I cannot do this with mappers, and I could not find a custom SPI type that fits this purpose.
> Is there a way to do this with Keycloak?
>
> Thanks,
> Paolo
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list